class UsersController < ApplicationController
    include Account::AccountController
    
    layout 'default'
    before_filter :setup_user, :only =>[:new, :edit, :update, :destroy]
    
    ###################################
    # this method is called after a user successfully signs in
    def logged_in
        redirect_to :action => 'show', :id => current_user.id
    end
    
    ###################################
    # GET /users
    # GET /users.xml
    def index
        @users = User.find(:all)
        
        respond_to do |format|
            format.html # index.rhtml
            format.xml  { render :xml => @users.to_xml }
        end
    end
    
    ###################################
    # GET /users/1
    # GET /users/1.xml
    def show
        @user = User.find(params[:id])
        
        respond_to do |format|
            format.html # show.rhtml
            format.xml  {@didilies = @user.didilies; render :action => '../shared/didilies_xml.rxml', :layout=>false }
            format.rss  {@didilies = @user.didilies; render :action => '../shared/didilies_rss.rxml', :layout=>false }
            format.atom {@didilies = @user.didilies; render :action => '../shared/didilies_atom.rxml', :layout=>false }
            format.rdf  {@didilies = @user.didilies; render :action => '../shared/didilies_rdf.rxml', :layout=>false }
        end
        
#        respond_to do |format|
#            format.html # show.rhtml
#            format.xml  { render :xml => @user.to_xml }
#        end
    end

    ###################################
    # GET /users/1
    # GET /users/1.xml
    def didily
        @user = User.find(params[:id])
        
        respond_to do |format|
            format.html # didily.rhtml
            format.xml  {@didilies = @user.didilies; render :action => '../shared/didilies_xml.rxml', :layout=>false }
            format.rss  {@didilies = @user.didilies; render :action => '../shared/didilies_rss.rxml', :layout=>false }
            format.atom {@didilies = @user.didilies; render :action => '../shared/didilies_atom.rxml', :layout=>false }
            format.rdf  {@didilies = @user.didilies; render :action => '../shared/didilies_rdf.rxml', :layout=>false }
        end
    end
           
    ###################################
    # GET /users/1;edit
    def edit
        authorize_user('edit')
    end
    
    ###################################
    # PUT /users/1
    # PUT /users/1.xml
    def update
        if authorize_user('edit')
            respond_to do |format|
                if User.update(@user.id, params[:user])
                    flash[:notice] = 'User was successfully updated.'
                    format.html { redirect_to user_url(@user) }
                    format.xml  { head :ok }
                else
                    format.html { render :action => "edit" }
                    format.xml  { render :xml => @user.errors.to_xml }
                end
            end
        end
    end
    
    ###################################
    # Let's a user delete their account
    def delete
        # TODO finish didily implementation
        if authorize_user('delete')
            if request.post?
                @user.destroy
                respond_to do |format|
                    format.html { redirect_to users_url }
                    format.xml  { head :ok }
                end
            end
        end
    end
    
    ###################################
    # DELETE /users/1
    # DELETE /users/1.xml
    def destroy
        if authorize_user('delete')
            @user.destroy
            respond_to do |format|
                format.html { redirect_to users_url }
                format.xml  { head :ok }
            end
        end
    end
    
    protected
    
    ###################################
    # Authorize the action.  We don't want users editing
    # other people's stuff. 
    def authorize_user(action = 'edit')
        @user = User.find(params[:id])
        
        if(@user.nil?)
            flash[:warning] = "Could not find the specified user."
            respond_to do |format|
                format.html { redirect_to users_url }
                format.xml  { head :fail }
            end
            return false
        end
            
        if current_user.nil?
            flash[:warning] = "Please Login."
            respond_to do |format|
                format.html { redirect_to users_url }
                format.xml  { head :fail }
            end
            return false
        end
        
        if ((@user.id == current_user.id) || (current_user.role == 'admin'))
            return true
        else
            flash[:warning] = "You don't have permission to " + action + @user.login + "'s information."
            respond_to do |format|
                format.html { redirect_to users_url }
                format.xml  { head :fail }
            end
            return false
        end
        
    end
    
    def setup_user
        @user = User.find(params[:id])
        restrict_access(@user, 'admin')
    end
    
end
